Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Office and IE Under Fire (Again)

News of the unpatched PowerPoint vulnerability (via eWeek) comes after a summer-long struggle to contain vulnerabilities in Microsoft Office, the office suite that maintains a venerable monopoly in the market. As with previous PowerPoint exploits, this one uses a rigged PowerPoint file to install a backdoor application. I found some additional information available from Symantec; read that here.

Similarly, another exploit has surfaced for Internet Explorer. This exploit takes advantage of a flaw that was supposedly brought to Microsoft’s attention back in July and apparently still remains unpatched. Fortunately, additional information on the IE vulnerability is available; here are some relevant links:

SecurityFocus: Microsoft Internet Explorer WebViewFolderIcon Buffer Overflow Vulnerability
OSVDB: Microsoft IE WebViewFolderIcon setSlice Overflow

No word yet on any workarounds for this vulnerability or the published exploit.

Finally, in slightly related news…a couple of days ago Microsoft released an out-of-band patch (MS06-055) for the VML vulnerability I mentioned last week. As usual, it’s available via Windows Update, WSUS, and various other distribution mechanisms.
